Security Vulnerability: CVE-2017-5753, CVE-2017-5715 (Spectre), and CVE-2017-5754 (Meltdown)

What’s the vulnerability?

Spectre and Meltdown represent a class of vulnerabilities affecting modern computer processors utilizing Intel’s CPU architecture. The vulnerabilities affect the majority of modern microprocessors, and allow an attacker with the ability to execute code on an affected system to randomly read memory locations for other running applications. Such data may include passwords, private keys, message contents, and more.


What can our customers do?

Shared SaaS: The VMware AirWatch SaaS Service team is currently evaluating, identifying, and patching affected systems in our SaaS environments related to vulnerabilities described in CVE-2017-5753, CVE-2017-5715 (Spectre), and CVE-2017-5754 (Meltdown).

Dedicated SaaS: In the event VMware AirWatch must perform maintenance that will affect our service availability to our SaaS dedicated customer environments, AirWatch will work with you to determine suitable scheduling of these activities. 

On-Premise: On-Premise environments managed by customers should be remediated in accordance with the guidance document provided by your operating system vendor(s). VMware AirWatch is in the process of evaluating our shipped products to determine whether patching is necessary. At this time, VMware AirWatch has not identified any AirWatch products requiring software patches. 

Mobile Applications: VMware AirWatch is aware of reports that these vulnerabilities have been shown to affect common browser frameworks such as Chromium and WebKit. VMware AirWatch mobile applications such as VMware Browser do not ship copies of these libraries, but instead rely on the versions of these libraries provided by the underlying operating system (ex: Android and iOS). Therefore, VMware AirWatch mobile applications take advantage of the mitigations already shipped by OEM vendors. At this time, VMware AirWatch has not identified any necessary application changes or mitigations beyond those provided by the OEM vendor. Customers should continue to monitor vendors for updates to device platforms and libraries.

Make sure to subscribe to this knowledge base article for the latest information as it becomes available. In addition, sign up for the VMware Security Announcements mailing list to receive new and updated VMware Security Advisories relating to VMware products.


Additional Resources

Support Contact Information

To open a Support Request, please call your local AirWatch support line or submit a Support Request via myAirWatch.


Best Regards,

The AirWatch Team

Have more questions? Submit a request


  • 0
    Jordan Cardinal

    VMware AirWatch is currently in the process of assessing the impact of patches on our environments and will provide updates in the existing KB and VMSA articles as more information is available. Please continue to monitor these resources for updates.

Article is closed for comments.